1. Personal data protection policy
1.1 Compliance with applicable laws, regulations, and other standards regarding the protection of personal data
The Company shall comply with the Act on the Protection of Personal data of Japan (Act No.57, 2003) and any other related laws, regulations, standards, and guidelines.
1.2 Personal data collected
We collect certain personal data (such as name, e-mail address, date of birth, passport issuing country, location data, etc.) provided by the customer through the registration form, by e-mail, when the customer purchases a product or makes an inquiry. We collect your location data if you are only in Japan. Please note that if you object to providing personal data you may be excluded from the services provided by the Company.
1.3 Automated data collection when using the Website or the App
When you use this Website or the App, the following data may be collected: your IP address, location data, settings system specifications, and any other information. Once we get access to your location, we will know which mobile device you are using, and we can find nearby attractions that match your interests and share suitable attractions with you that are located nearby. If you no longer want to share location data with us, you can withdraw your consent at any time by changing the privacy settings on your device or browser.
1.4 Purpose of data collection
Your personal data will be processed for the following purposes by the Company:
- (a) It will be used for marketing purposes
- (b) In order to help with the strategic development of the services
- (c) To understand how our Site and App is being used.
1.5. Purpose and use of personal data
- (a) Making our services available and the execution of related services
- (b) Product sales and product management
- (c) Improving our services, such as customer support
- (d) Communications and notifications regarding our products and services
- (e) Conducting market research, such as questionnaires and surveys
- (f) Market analysis to develop and improve our products and services
- (g) Create statistical reports
- (h) Processing to anonymously processed
1.6. Third-party processors of your data
The Company will never share any information or personal data to a third party without your explicit consent, except in the following situations:
- (a) In order to prevent fraudulent or illegal activities, to protect our legal rights and those of third parties, in which case we may share your name, e-mail address, date of birth, passport issuing country, location data, credit card-related information, and any other information to the public authorities and, if necessary, third-party companies.
- (b) We may disclose your personal data to third party service providers located in Japan and overseas when it is necessary to perform our legal duties.
1.7. Your rights
If you do not wish to receive information about our products and services or those of other affiliated organizations necessary to perform our services, you may opt-out from receiving such e-mails from us.
If you have any questions or concerns regarding your privacy and the protection of your personal data, if you do not want us to use or keep your personal data after you have shared it with us, or if you have provided incorrect information to us, please send an e-mail to firstname.lastname@example.org. We will then verify your identity, and fulfil your request, either by correcting or deleting your personal data.
1.8 Retention period of personal data
1.9 Technical measures to protect personal data
The Company will take all appropriate and industry-standard security measures to store and process your personal data in a secure manner, and in order to prevent unauthorized access and data leaks.
2. About THE TOKYO PASS Website and App
2.1 Collecting personal data when using our services
When you are using our Website or downloading our App, we may ask for information such as your name, e-mail address, date of birth, passport issuing country, location data. We may also record information such as the types of services you are interested in, usage patterns, information requested by you, and products you have purchased.
2.2 Marketing and Communication
- (a) As an integral part of the services we provide, THE TOKYO PASS may occasionally send messages you may find useful via e-mail or through the App containing informational offers, promotions, discounts, events, new services, information about related activities or attractions, and location-based information. Such communications may also be sent by SMS, Whatsapp, and any other available method or technology.
- (c) We have partnered with a number of third-party companies and organizations, such as ticket suppliers and attractions. We may share your personal data with them. Your personal data, including but not limited to your name, e-mail address, is used to confirm or change your reservation with them.
9F Shinagawa Season Terrace, 1-2-70 Konan, Minato-ku, Tokyo, Japan 108-8220
Personal data Protection Manager
For more information about THE TOKYO PASS service, please contact us.
THE TOKYO PASS Office, TANSEISHA Co., Ltd.
9F Shinagawa Season Terrace, 1-2-70 Konan, Minato-ku, Tokyo, Japan 108-8220
1. Legal basis
We may convert personal data into statistical and/or aggregated data, which cannot be used to identify a data subject directly and is solely used to produce statistical studies and reports.
We never collect, process, or use any personal data that under the GDPR is considered sensitive personal data.
2. Storage period
Your personal data shall always be processed in accordance with the purposes mentioned in this document, until you request the deletion of your personal data. However, if your information and personal data are deleted after such a request, we recommend you back it up yourself, as you may need it for legal, tax, or regulatory purposes.
3. Data management
Compliance and security
We may be forced to disclose personal data under the applicable law, after receiving an order from a court of law, or a request from the government or public authorities from your country of residence or any other jurisdiction. We may also disclose your information and personal data if we, at our sole discretion, decide that disclosure is necessary or appropriate for important grounds of national security, law enforcement, or public interest.
We may also disclose your personal data if we believe in good faith that disclosure is necessary to protect our own business interests or those of other users.
4. Responsibility for booking on behalf of others
In the event that you use our services, or make a booking on behalf of someone else, it remains your full responsibility to verify the correctness of individuals’ personal data, and that you understand and agree with the way we use that personal data.
This Service is only for customers that are adults according to the applicable law. However, we may unintentionally collect and process personal data from children under the age of sixteen (16). In that case, we will ask for the consent of the parent or legal guardian. We never collect and process personal data from children under the age of thirteen (13). If you suspect this is the case, please contact us immediately.
6. Links to third-party websites
We may provide hypertext links on our Website and in our App that direct to third-party websites or other internet resources. We do not control and are not responsible for the content, privacy, and data protection practices of those third-party websites. Please read their respective GDPR Policy carefully in order to become aware of how these third-parties collect and process personal data.
7. Data processing records
We keep records of the processing of personal data in accordance with our obligations under Article 30 GDPR, and such records contain all information needed to comply with the GDPR and, where appropriate, to co-operate with data protection authorities as stipulated in Article 31 GDPR.
8. Security measures
We process personal data in a secure manner that ensures protection against fraudulent or illegal processing activities, against accidental loss, destruction, or damage. We shall always use any appropriate technical or organizational measures to achieve this level of protection, which is in accordance with Articles 25(1) and 32 of the GDPR.
We will retain your personal data for as long as the law requires it, and as long as it is necessary to fulfill the purposes described in this GDPR Policy.
9. Notification of data breach to data protection authorities
We will have mechanisms and internal policies in place to evaluate the accidental or unlawful destruction or loss of personal data transmitted, stored, or otherwise processed by us, and to discover a security breach leading to tampering, unauthorized disclosure, or access of personal data. Depending on the results of an investigation after such events have occurred, we will notify, if necessary, the data protection authorities and contact the affected data subjects, which may include you (Articles 33 and 34 GDPR).
10. Processing that can pose a high risk to your rights and freedoms
If we conduct a data processing activity that may pose a high risk to your rights and freedoms, we will assess the impact of such activities before we store and process your personal data. After having performed an internal evaluation, we will either stop such activities, confirm they comply with the GDPR, or make sure that appropriate technical and organizational safeguards are implemented in order to proceed with the data processing activity. (Article 35 GDPR)
If you still have questions, we recommend you contact your national data protection authority to advise you on this issue (Article 36 GDPR).
11. Your rights
You have the following rights:
Access to your personal data: You have the right to receive all the information and metadata about the personal data we hold about you.
Data rectification: You have the right to request your personal data to be corrected and rectified if we hold any information about you that is incorrect.
Data removal: You have the right to be forgotten, meaning you may request the full erasure of your personal data.
Restrict the processing of personal data: You have the right to ask us to restrict the use and processing by us of your personal data.
Objections to the processing of personal data: You may have the right to object to our use of your personal data. Please note that certain conditions may apply to the exercise of this right.
Portability of personal data: You have the right to receive personal data in a structured and commonly used format.
If you want to exercise your rights or need more information about how we use your personal data, please contact the Secretariat at email@example.com.
The steps to exercise your rights are as follows:
- 1. Once we have received your notice, we will send you a confirmation that we are processing your request. Also, we will indicate our response time, which shall be within a reasonable period of time.
- 2. We will evaluate your request first in order to confirm your identity and whether the request is valid.
- 3. If no further information or action from you is required, we will continue with the processing of your request.
- 4. At the end of evaluating our internal privacy processes, we will provide an answer to your request in connection to our duty to comply with the GDPR.
- 5. We may charge a reasonable fee based on our administrative costs for either excessive or unsubstantiated requests.
12. If you want to file a complaint about the way we process your personal data
You can file a complaint by contacting THE TOKYO PASS office and sending it to firstname.lastname@example.org.
After having received your complaint, THE TOKYO PASS office will send you a confirmation of receipt within three working days. This answer may include additional questions necessary to clarify the issue underlying your complaint. THE TOKYO PASS Secretariat will respond with a substantive response as soon as reasonably possible, but at least within one month after receiving your complaint. If we are unable to provide a substantive response within one month due to the complexity of the complaint, we will respond to it within two months after having received it.
This GDPR Policy may be revised or updated from time to time in the future, and by doing so, we will publish the latest version on this page. We recommend you check our GDPR Policy regularly for any applicable changes by referring to the date of the last version on the top of this page. If the applicable law requires us to ask you again for your consent, we will notify you and make sure you agree with the latest version of our GDPR Policy before we continue to collect your personal data.
We welcome any questions, comments, or requests regarding this GDPR Policy.
THE TOKYO PASS Secretariat
TANSEISHA Co., Ltd.
15. About Cookies
Formulated on September 1, 2022